Rs QSTN


1. Question 1. What Is Routing?

Answer :
The ROUTING TABLE is a table maintained in the kernel that determines how packets are
routed to other systems. A number of programs may add or delete routes from the routing
tables, including route, ifconfig, in.routed and in.rdisc. The routing table consists of three
types of routes: HOST ROUTES are checked first and define a route to just one host.
NETWORK ROUTES are checked second and define a route to all the hosts on one network.
DEFAULT ROUTES are used as a catch-all, when no host or network routes are found to a
destination. They usually send to a more knowledgeable routing machine, which has a better
chance of being able to find a host or network route to the destination.
2. Question 2. What Is Arp?
Answer :
ARP, the ADDRESS RESOLUTION PROTOCOL. ARP is the protocol which converts the IP
address to an address appropriate to the hardware type (i.e., Ethernet addresses on an Ethernet
network). After normal routing protocols have done their work, ARP springs into action. It's
what actually gets packets from one machine to another. Usually, you should not have to
worry about ARP at all. Except in special setups, it should work totally transparently.
3. Question 3. How Routing Starts Up?
Answer :
Solaris and SunOS each have a specific order which they use to start up routing: If an
/etc/defaultrouter file exists, only static routing will be used, and a static default route will be
created to the machine listed in the defaultrouter file. If there is no /etc/defaultrouter file, and
the machine is a router, both in.routed and in.rdisc will be started, and they will advertise
routing information. SunOS machines will only start up in.routed, as in.rdisc is not available
under SunOS. If there is no /etc/defaultrouter file, and the machine is a host, in.rdisc is
initially started.
If any machines on the same network advertise via Router Discovery, in.rdisc will be used as
the dynamic routing program; if there are no machines advertising via Router Discovery,
in.rdisc will quickly quit. SunOS skips this step. Finally, if there is no /etc/defaultrouter file,
and either the machine is running SunOS, or in.rdisc has failed, then in.routed is started. It
will listen for other in.routed programs advertising via RIP packets. This is the default manner
in which most out-of-the-box Suns will operate.
4. Question 4. What Is Ip Addresses, Netmasks And Subnets?
Answer :
All IP ADDRESSES are divided into two portions: the NETWORK ADDRESS, and the
HOST ADDRESS. The network portion of the IP address defines the level at which routing is
done; this means that all machines with the same network address are on the same network.
For example, if we had the IP address a.b.c.d, we might learn that the network portion of that
address was a.b, and the host portion of that address was c.d. In that case, all machines with
the IP address a.b.*.* would be on the same network. We would typically see a route to the
network a.b.0.0. By default, Internet IP addresses are divided into 3 Classes. Each of these
ranges has a different portion of the IP address reserved as the network and host addresses.

Class     IP Range                   Network   Host
Class A   1.*.*.* to 127.*.*.*       a         b.c.d
Class B   128.*.*.* to 191.*.*.*     a.b       c.d
Class C   192.*.*.* to 223.*.*.*     a.b.c     d

Multicast: Class D 224.0.0.0 to 239.255.255.255.
Reserved: Class E 240.0.0.0 to 247.255.255.255
5. Question 5. What Is Ifconfig?
Answer :
It is always best to start investigating routing problems by making sure that your interfaces
are set up correctly. By running ifconfig, you can see your current interface setup:

    # ifconfig -a
    lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
            inet 127.0.0.1 netmask ff000000
    le0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
            inet 150.101.16.28 netmask ffffff00 broadcast 150.101.16.255
            ether 8:0:20:10:78:d

When an interface is brought up, it automatically creates a route.
This route will be to the local network for multipoint interfaces (ether, FDDI, TR, etc), or to a
host for point-to-point interfaces (PPP). If your main interface (le0 in the above example) is
not UP and RUNNING, clearly no routing will be occurring through it. If the interface is UP,
you will also want to examine the inet and netmask entries of your main interface, and make
sure they are set correctly. If the inet is set wrong, check your /etc/hostname.interfacename
file (i.e., hostname.le0) and your /etc/hosts file. If the netmask is set wrong, check your
/etc/netmasks file.
6. Question 6. What Is Netstat?
Answer :
You can examine your current routing tables by running the command netstat, as follows:
%%%% netstat -rn
7. Question 7. Explain Ping?
Answer :
If your problem is not obvious from examining 'ifconfig -a' and 'netstat -rn', the ping
command can be very useful in diagnosing it further. Try running 'ping -s machine-with-no-route'.
There are two possibilities. If you get some type of 'network unreachable' or 'host
unreachable' error, this typically means that there is no route on your machine to the machine
you are trying to ping. You will probably need to define a static route for that machine's
network, or possibly a default route. Following are a few examples. Under SunOS, you'll just
get the basic '... unreachable' errors:

    %%%% ping -s lab-manta
    PING lab-manta: 56 data bytes
    sendto: Network is unreachable
    ping: wrote 150.101.89.28 64 chars, ret=-1

At this point, you should return to looking at your 'netstat -r' table.
8. Question 8. What Is Traceroute?
Answer :
If you can't solve your routing problems by looking at the routing tables and interfaces, a
useful program for helping solve the problem is traceroute. Solaris 2.7 software bundles the
popular traceroute utility. Unfortunately, this program is not shipped with SunOS or Solaris
prior to 2.7, and as a result is not supported by SunService. However, you can easily find a
copy on the internet. The ftp site ftp.dfn.de contains traceroute under the /pub/tools directory.
If you consult 'archie' or other searching programs, it is likely that you will be able to find a
more local copy. Traceroute works by sending out a set of 3 UDP packets.
These packets are initially given a Time-To-Live of 1 hop, which is then increased to 2 hops,
then to 3, etc.... until the packets reach the remote machine. This has the effect of stepping
through the routers leading towards a destination machine, one at a time. However, it also
causes you to only see a unidirectional route, from your client to the destination machines. It's
quite possible for routes to be different going from and to a machine, and traceroute will not
standardly show this. For example, if packets followed the following path: --> C --> A B
9. Question 9. How To Set A Defaultrouter?
Answer :
If you want to define a default router, so that you can send all of your non-local packets
through one standard machine, simply create the file /etc/defaultrouter. It should have as its
sole contents the hostname or IP number of your router:

    %%%% cat /etc/defaultrouter
    router-1

or:

    150.101.16.1

Note that any machine listed as a defaultrouter _must_ be on the same
subnet as your machine and the name listed in /etc/hosts. On Solaris 2.4, and later, you can
actually list multiple routers in the /etc/defaultrouter file, one default router per line:

    %%%% cat /etc/defaultrouter
    router-1
    router-2
    router-3

You also need to make sure that every name
which appears in /etc/defaultrouter has an entry in your /etc/hosts file:

    %%%% cat /etc/hosts
    ...
    150.101.16.1 router-1
    150.101.16.2 router-2
    150.101.16.3 router-3

After you have created /etc/defaultrouter, and made sure that any names listed in that file are
also listed in /etc/hosts, you can reboot your machine. When it comes back up, it will
automatically be routing through the defaultrouter that you have defined. If you have a simple
network, or if you are just trying to get routing to work after your Sun machine is first
installed, you probably want to set up a defaultrouter, as is described here. Some further
advice on what type of routing to use. How does multiple default routes work?
10. Question 10. How To Add Static Routes?
Answer :
At any time, you can add static routes to your machine via the route command. The standard
syntax for adding a network route is:

    route add net "remote-network-ip gateway-ip" 'hop-metric-count'

On Solaris 2.6:

    route add -net "remote-network-ip gateway-ip" -netmask
    route add -host "host-ip local-intrf-ip" -interface

remote-network-ip is the network you are adding a
route to, gateway-ip is the IP address of the gateway that leads to that remote-network.
hop-count is an integer which identifies the number of gateways that you must go through to get to
the remote-network.
A network that is directly connected to your machine would have a hop count of 0 (i.e., the
150.101.16.0 net in the example below). A remote-network that is directly connected to a
gateway-machine that is, in turn, on the same network as your machine would have a hop
count of 1 (i.e., the 150.101.17.0 net in the example below). Static routes are rarely added for
remote-networks with a hop count greater than 1.
11. Question 11. How To Use In.rdisc?
Answer :
The in.rdisc daemon is only available on Solaris machines; it depends on multicasting, which is
not present on older SunOS machines. If you do not have an /etc/defaultrouter file on a
Solaris machine, any routing host will automatically bring up in.rdisc at boot time. As long as
there is at least one router on the same network which advertises Router Discovery messages,
in.rdisc will continue running. If nothing responds to the initial Router Discovery queries,
in.rdisc on a routing host will automatically quit, and the rc files will fall through to in.routed.
Solaris routers will also automatically bring up in.rdisc at boot time, if there is no
/etc/defaultrouter file.
They will not ever exit, but rather will advertise via Router Discovery messages. If you want
in.rdisc to run, you should never have to do anything, other than delete the /etc/defaultrouter
file, if it exists, and make sure that at least one Router Discovery compliant router exists on
the same subnet as your machine. If you want to disable in.rdisc, you should simply rename
it:

    %%%% mv /usr/sbin/in.rdisc /usr/sbin/rdisc.save

In general, in.rdisc should only be run on
routing hosts if your local network is relatively complex.
12. Question 12. How To Use In.routed?
Answer :
On a SunOS machine, in.routed will automatically be started if there is no /etc/defaultrouter
file and in.rdisc failed to find any Router Discovery compliant routers on the local network.
in.routed will automatically start on routers if there is no /etc/defaultrouter file, even if
in.rdisc is running. in.routed supports RIPv1 only.
You should not need to do anything, other than possibly deleting an /etc/defaultrouter file, in
order to get in.routed to run. You can force in.routed to bring up standard network routes by
putting entries for them into the file /etc/gateways. The standard format for that file is:

    net gateway metric passive

or:

    net gateway metric active

remote-network-ip, gateway-ip and hop-count.
13. Question 13. How To Force A Machine To Be A Router?
Answer :
If your machine has at least two interfaces in addition to lo0, or if your machine has at least
one point-to-point interface, it will automatically be set up as a router. Solaris 2.x: The IP
layer will normally act as a router (forwarding datagrams that are not addressed to it, among
other things) when the machine has two or more interfaces that are up. This behavior can be
overridden by using ndd(1M) to set the /dev/ip variable, ip_forwarding. The value 0 means do
not forward; the value 1 means forward.
14. Question 14. How To Force A Sunos Machine Not To Be A Router?
Answer :
If you do not want your multiple-interface SunOS machine to route packets, you will need to
rebuild the kernel. In the file /sys/netinet/in_proto.c, change the following line:

    #define IPFORWARDING 0

to read:

    #define IPFORWARDING -1

Afterwards, config the kernel, remake it, and then install it. It may be useful to note that on
SunOS machines, IPFORWARDING can have three values:

    -1  Never forward IP packets
     0  Don't forward, but change IPFORWARDING to 1 if there are two or more interfaces
     1  Always forward IP packets
15. Question 15. How To Force A Solaris Machine Not To Be A Router?
Answer :
If you do not want your multiple-interface machine, running Solaris 2.4 or lower, to route
packets, you just need to make a small change to the file /etc/init.d/inetinit. Find the following
two lines:

    numifs=`ifconfig -au | grep inet | wc -l`
    numptptifs=`ifconfig -au | grep inet | egrep -e '-->' | wc -l`

And immediately after them, insert the following:

    numifs=2
    numptptifs=0

After the machine next reboots, it will not act as a router.
If you are using Solaris 2.5 or greater, it's even easier to make your machine not route
packets. Simply create an /etc/notrouter file:

    %% touch /etc/notrouter

Afterwards, reboot the machine. It may be useful to note that on Solaris machines,
ip_forwarding can have three values:

    0  Never Forward
    1  Always Forward
    2  Only forward when two or more interfaces are up

The above steps result in the ndd /dev/ip ip_forwarding variable being changed from "1" to
"0", which prevents routing.
16. Question 16. How To Set A Netmask Under Sunos?
Answer :
In order to include a permanent netmask on your SunOS machine, you must make an entry in
the /etc/netmasks file, in the following format:

    network-address-without-zeroes netmask

For example:

    %%%% cat /etc/netmasks
    150.101 255.255.255.0

The above would subnet the class
B network, 150.101.0.0, into 254 subnets, from 150.101.1.0 to 150.101.254.0. It is important
to note that the entry in the left hand column must be the original base network number (i.e., #
for a Class A, #.# for a Class B and #.#.# for a Class C), not the subnet.
17. Question 17. How To Set A Netmask Under Solaris?
Answer :
In order to include a permanent netmask on your Solaris machine, you must make an entry in
the /etc/netmasks file, in the following format:

    network-address netmask

For example:

    %%%% cat /etc/netmasks
    150.101.0.0 255.255.255.0

The above would subnet the class B
network, 150.101.0.0, into 254 subnets, from 150.101.1.0 to 150.101.254.0. In 2.5.1 and
below, only one entry for the entire class network is allowed to support standard subnetting as
specified in RFC-950. It is important to note that the entry in the left hand column must be the
original base network number (i.e., #.0.0.0 for a Class A, #.#.0.0 for a Class B and #.#.#.0 for a
Class C), not the subnet.
The 2.6 kernel has changed to support VLSM. It is now possible to combine the RFC-950 and
RFC-1519 form of subnet masks in the netmasks file. The network address should be the
"SUBNETTED" address NOT the standard network number based on the host's IP address.
(see man page for netmasks) Here are a few examples:

A host address 192.188.206.65 with a netmask of 255.255.255.224:

    /etc/netmasks
    192.188.206.64 255.255.255.224

A host address 172.31.16.193 with a netmask of 255.255.255.192:

    /etc/netmasks
    172.31.16.192 255.255.255.192
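
The three /etc/netmasks conventions from Questions 16 and 17, as an added example that is not part of the original page: a Python sketch that derives the entry for a host address and mask in the SunOS form, the Solaris 2.5.1-and-below form, and the Solaris 2.6 subnetted form. The function names and style labels are hypothetical; the class ranges are taken from the table in Question 4.

```python
import ipaddress

FULL = 0xFFFFFFFF


def classful_prefix(addr):
    """Network-prefix length by address class, using the page's class table."""
    first = int(addr) >> 24
    if 1 <= first <= 127:
        return 8            # Class A: network portion is a
    if 128 <= first <= 191:
        return 16           # Class B: network portion is a.b
    if 192 <= first <= 223:
        return 24           # Class C: network portion is a.b.c
    raise ValueError(f"{addr} is Class D/E and has no network/host split")


def mask_is_contiguous(mask):
    """A usable netmask is a run of 1 bits followed only by 0 bits."""
    inverted = ~int(mask) & FULL
    return (inverted & (inverted + 1)) == 0


def netmasks_entry(host, netmask, style):
    """Return the /etc/netmasks line for one host.

    style (labels are assumptions of this example):
      "sunos"            base network number without trailing zeroes
      "solaris-classful" Solaris 2.5.1 and below: base network number
      "solaris-2.6"      Solaris 2.6 and later: the subnetted address
    """
    addr = ipaddress.IPv4Address(host)
    mask = ipaddress.IPv4Address(netmask)
    if not mask_is_contiguous(mask):
        raise ValueError(f"{netmask} is not a contiguous netmask")

    if style == "solaris-2.6":
        subnet = ipaddress.IPv4Address(int(addr) & int(mask))
        return f"{subnet} {mask}"

    plen = classful_prefix(addr)
    class_mask = (FULL << (32 - plen)) & FULL
    base = ipaddress.IPv4Address(int(addr) & class_mask)
    if style == "solaris-classful":
        return f"{base} {mask}"
    if style == "sunos":
        kept = str(base).split(".")[: plen // 8]
        return f"{'.'.join(kept)} {mask}"
    raise ValueError(f"unknown style {style!r}")


if __name__ == "__main__":
    # Host addresses and masks below are the ones used on this page.
    print(netmasks_entry("150.101.16.28", "255.255.255.0", "sunos"))
    print(netmasks_entry("150.101.16.28", "255.255.255.0", "solaris-classful"))
    print(netmasks_entry("192.188.206.65", "255.255.255.224", "solaris-2.6"))
    print(netmasks_entry("172.31.16.193", "255.255.255.192", "solaris-2.6"))
```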
18. Question 18. How Does /ip Route Check-gateway Work?
Answer :
check-gateway sends pings every 10 seconds. If two successive pings fail, the gateway is
considered dead.
19. Question 19. How To Filter Out The Default Route From Outgoing Bgp
Advertisements?
Answer :
Assuming you have a static default route that is redistributed because the redistribute-static
parameter is set to yes, do the following:
/routing filter add chain=myfilter prefix=0.0.0.0/0 action=discard
Then set myfilter as the out-filter for the BGP instance:
/routing bgp instance set default out-filter=myfilter
20. Question 20. What Is Cdp?
Answer :
Cisco Discovery Protocol is a CISCO proprietary protocol to help administrators in collecting
information about both locally attached and remote devices.
21. Question 21. What Is Cost?
Answer :
Cost is inversely proportional to the bandwidth of the links.
22. Question 22. What Is Hop Count?
Answer :
Hop count is the number of routers from the source through which data must pass to reach the
destination network.
23. Question 23. What Is Bandwidth, Delay, Reliability, Load?
Answer :
o Bandwidth - It is the data capacity of a link in Kbps.
o Delay - It is the time it takes to reach the destination.
o Reliability - The path with the least amount of errors or downtime.
o Load - It is the amount of utilization of a path.
o MTU - Maximum transmission unit (MTU) defines the maximum Layer 3 packet that can be sent over a medium.
24. Question 24. What Is A Route Metric?
Answer :
A routing protocol uses the Route Metric value to find the best path when there are two or more
different routes to the same destination.
Different routing protocols use different Route Metrics to compute the distance to the destination:
RIP - Hop Count, OSPF - Cost, EIGRP - Bandwidth, Delay, Reliability, Load, MTU.
25. Question 25. What Is Hybrid Routing Protocol?
Answer :
A Hybrid Routing protocol takes the advantages of both Distance Vector and Link State
Routing protocols.
o It sends traditional Distance Vector updates.
o It also has Link State characteristics, which means it synchronizes routing tables between neighbors at startup, and then it sends specific updates when network topology changes.
Example:- Enhanced Interior Gateway Routing Protocol (EIGRP)
26. Question 26. What Is Link-state Routing Protocol?
Answer :
Each router running a link state routing protocol originates information about the router, its
directly connected links, and the state of those links. This information is sent to all the routers
in the network as multicast messages.
Link-state routing always tries to maintain the full network topology by updating itself
incrementally only when network topology changes. Example:- Open Shortest Path First
(OSPF)
27. Question 27. What Is Distance-vector Routing Protocol?
Answer :
Distance vector routing protocols use the distance or hops as metric to find paths to
destinations.
Example:- Routing Information Protocol (RIP), Interior Gateway Routing Protocol (IGRP)
28. Question 28. What Are The Range Of Ad Values?
Answer :
0 to 255, where 0 is the best and 255 is the worst.

Routing Protocol      Administrative Distance Value
Directly Connected    0
Static route          1
EIGRP                 90
OSPF                  110
RIP                   120
29. Question 29. What Is Administrative Distance (ad)?
Answer :
Administrative Distance is the trustworthiness of a routing protocol. Routers use AD value to
select the best path when there are two or more different routes to the same destination
learned through two different routing protocols.
30. Question 30. What Is An Autonomous System?
Answer :
An Autonomous System (AS) is a group of networks under a single administrative control.
31. Question 31. What Is Egp?
Answer :
An Exterior Gateway Protocol refers to a routing protocol that handles routing between
different Autonomous Systems (AS). Example:- Border Gateway Protocol (BGP).
32. Question 32. What Is Igp?
Answer :
An Interior Gateway Protocol refers to a routing protocol that handles routing within a single
autonomous system. Example - RIP, IGRP, EIGRP, and OSPF.
33. Question 33. What Is Routing Protocol?
Answer :
Routing Protocols learn the routes and provide the best routes from one network to another
network.
Example - RIP (Routing Information Protocol), EIGRP (Enhanced Interior Gateway Routing
Protocol) and OSPF (Open Shortest Path First).
34. Question 34. What Is A Routed Protocol?
Answer :
A Routed Protocol carries data from one network to another network. Routed Protocol carries
user traffic such as file transfers, web traffic, e-mails etc.
Example:- IP (Internet Protocol), IPX (Internetwork Packet Exchange) and AppleTalk.
35. Question 35. What Is A Dynamic Routing?
Answer :
In Dynamic routing, routes are learned by using a routing protocol. Routing protocols will
learn about routes from other neighboring routers running the same routing protocol. Example
- OSPF, EIGRP, RIP.
36. Question 36. What Is Default Route?
Answer :
A default route specifies a path that the router should take if the destination is unknown. All
the IP datagrams with unknown destination address are sent to the default route.
37. Question 37. Define Static Routing?
Answer :
In Static routing, routes are manually configured on the router by a network administrator.
Static routing has the following Advantages -
o There is no overhead on the router CPU.
o There is no bandwidth usage between routers.
o It is secure as the administrator can choose to allow routing access to certain networks only.
Static routing has the following Disadvantages -
o The administrator must really understand the internetwork and how each router is connected in order to configure routes correctly.
o It is not feasible in large networks because maintaining it is a full-time job.
38. Question 38. What Is The Command To Backup Ios To Tftp Server?
Answer :
# copy flash tftp

39. Question 39. What Is The Command To Copy Running-config To Startup Config?
Answer :
# copy running-config startup-config
40. Question 40. What Is The Command To Display The Current Running Configuration?
Answer :
# show running-config
41. Question 41. What Is The Command To Reboot A Router?
Answer :
# reload
42. Question 42. What Is The Command To Enter Global Configuration Mode From
Privilege Mode?
Answer :
# configure terminal
43. Question 43. What Is The Command To Enter Privilege Mode From User Mode?
Answer :
> enable
44. Question 44. What Are The Different Modes In Router?
Answer :
o User Mode>
o Privilege Mode #
o Global Configuration Mode #(Config)
Each Mode has access to a different set of IOS commands.
45. Question 45. What Is Rom Monitor?
Answer :
If the Bootstrap program is not able to find a valid IOS image, it will act as ROM Monitor.
ROM Monitor is capable of performing certain configuration tasks such as:
o Recovering a lost password
o Changing the configuration register value etc.
o Downloading IOS image using TFTP
46. Question 46. What Are The Possible Locations Of IOS Image?
Answer :
FLASH and TFTP Server.
47. Question 47. What Are The Different Types Of Memory In Router?
Answer :
o RAM: Running configuration file: running-config is stored in RAM
o NVRAM: Start up Configuration file: startup-config is stored in NVRAM
o Flash Memory: IOS is stored in Flash Memory
o ROM: Instructions for POST, Bootstrap program, Mini-IOS is stored in ROM
48. Question 48. What Is A Router?
Answer :
A Router is a networking device that performs routing, that is, it routes packets between
devices that are on different networks.
Router is a Layer 3 device.

Routing Protocols Primary Functions

1. Learn routing information from neighboring routers
2. Advertise routing information to neighboring routers
3. Best Route – If there’s more than one route to a subnet, use logic to pick the best route based on a metric
4. Convergence – If a topology change occurs (due to failure or addition of a new route), advertise the change and pick the new best route.
ACL
1. Question 1. What Is Acl?
Answer :
Access Control List is a packet filtering method that filters the IP packets based on source and
destination address. It is a set of rules and conditions that permit or deny IP packets to
exercise control over network traffic.
2. Question 2. What Are Different Types Of Acl?
Answer :
There are two main types of Access lists:-
o Standard Access List.
o Extended Access List.
3. Question 3. Explain Standard Access List?
Answer :
Standard Access List examines only the source IP address in an IP packet to permit or deny
that packet. It cannot match other fields in the IP packet. Standard Access List can be created
using the access-list numbers 1-99 or in the expanded range of 1300-1999. Standard Access
List must be applied close to destination. As we are filtering based only on source address, if
we put the standard access-list close to the source host or network then nothing would be
forwarded from source.
Example:-
o R1 (config) # access-list 10 deny host 192.168.1.1
o R1 (config) # int fa0/0
o R1 (config-if) # ip access-group 10 in
4. Question 4. Explain Extended Access List?
Answer :
Extended Access List filters the network traffic based on the Source IP address, Destination
IP address, Protocol Field in the Network layer, and Port number field at the Transport layer.
Extended Access List ranges from 100 to 199, and from 2000 to 2699 in the expanded range. Extended
Access List should be placed as close to source as possible. Since extended access list filters
the traffic based on specific addresses (Source IP, Destination IP) and protocols, we don’t
want our traffic to traverse the entire network just to be denied, wasting the bandwidth.
Example:-
o R1 (config) # access-list 110 deny tcp any host 192.168.1.1 eq 23
o R1 (config) # int fa0/0
o R1 (config-if) # ip access-group 110 in
5. Question 5. Explain Named Acl And Its Advantages Over Number Acl?
Answer :
It is just another way of creating Standard and Extended ACLs. In a Named ACL, names are
given to identify the access-list.
It has the following advantage over a Numbered ACL - In a Named ACL we can give sequence numbers,
which means we can insert a new statement in the middle of the ACL.
Example:-
o R1 (config) # ip access-list extended CCNA
o R1 (config) # 15 permit tcp host 10.1.1.1 host 20.1.1.1 eq 23
o R1 (config) # exit
o This will insert above statement at Line 15.
o R1 (config) # int fa0/0
o R1 (config-if) # ip access-group CCNA in
6. Question 6. What Is Wildcard Mask?
Answer :
Wildcard mask is used with ACL to specify an individual host, a network, or a range of
networks. Whenever a zero is present, it indicates that octet in the address must match the
corresponding reference exactly. Whenever a 255 is present, it indicates those octets need not
be evaluated.
Wildcard Mask is completely opposite to subnet mask.
Example:- For /24
o Subnet Mask - 255.255.255.0
o Wildcard Mask - 0.0.0.255
7. Question 7. How To Permit Or Deny Specific Host In Acl?
Answer :
1. Using a wildcard mask "0.0.0.0"
Example: - 192.168.1.1 0.0.0.0 or
2. Using keyword "Host"
Example: - Host 192.168.1.1
8. Question 8. In Which Directions We Can Apply An Access List?
Answer :
We can apply access list in two directions:-
o IN - ip access-group 10 in
o OUT - ip access-group 10 out
9. Question 9. Difference Between Inbound Access-list And Outbound Access-list?
Answer :
When an access-list is applied to inbound packets on an interface, those packets are first
processed through the ACL and then routed. Any packets that are denied won’t be routed. When
an access-list is applied to outbound packets on an interface, those packets are first routed to
the outbound interface and then processed through the ACL.
10. Question 10. Difference Between #sh Access-list Command And #sh Run Access-list
Command?
Answer :
o #sh access-list shows number of Hit Counts.
o #sh run access-list does not show number of Hit Counts.
11. Question 11. How Many Access Lists Can Be Applied To An Interface On A Cisco
Router?
Answer :
We can assign only one access list per interface per protocol per direction which means that
when creating an IP access lists, we can have only one inbound access list and one outbound
access list per interface. Multiple access lists are permitted per interface, but they must be for
a different protocol.
12. Question 12. How Access Lists Are Processed?
Answer :
Access lists are processed in sequential, logical order, evaluating packets from the top down,
one statement at a time. As soon as a match is made, the permit or deny option is applied, and
the packet is not evaluated against any more access list statements. Because of this, the order
of the statements within any access list is significant. There is an implicit “deny” at the end of
each access list which means that if a packet does not match the condition on any of the lines
in the access list, the packet will be discarded.
13. Question 13. What Is At The End Of Each Access List?
Answer :
At the end of each access list, there is an implicit deny statement denying any packet for
which the match has not been found in the access list.
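
The wildcard matching, top-down first-match processing and implicit deny described in ACL Questions 6, 12 and 13, as an added example that is not part of the original page: a Python model of a numbered ACL that also flags statements made unreachable by an earlier one. The telnet deny statement and the standard deny statement are the page's own; every other statement, the packet values and all function names are constructed for illustration, and the parser handles only the small subset of syntax used here.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = 0xFFFFFFFF  # wildcard 255.255.255.255: no address bit is compared


def ip(text):
    return int(ipaddress.IPv4Address(text))


@dataclass
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "ip" matches every protocol
    src: int
    src_wc: int
    dst: int
    dst_wc: int
    port: Optional[int]    # destination port from "eq N", else None


def parse_addr(tok):
    """Consume 'any', 'host A', 'A W', or a bare 'A' (default wildcard 0.0.0.0)."""
    first = tok.pop(0)
    if first == "any":
        return 0, ANY
    if first == "host":
        return ip(tok.pop(0)), 0
    if tok and tok[0].count(".") == 3:
        return ip(first), ip(tok.pop(0))
    return ip(first), 0


def parse_line(line):
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(f"not a numbered ACL statement: {line!r}")
    number, action, rest = int(tok[1]), tok[2], tok[3:]
    if 1 <= number <= 99 or 1300 <= number <= 1999:   # standard: source only
        src, src_wc = parse_addr(rest)
        return Rule(action, "ip", src, src_wc, 0, ANY, None)
    proto = rest.pop(0)                                # extended ACL
    src, src_wc = parse_addr(rest)
    dst, dst_wc = parse_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return Rule(action, proto, src, src_wc, dst, dst_wc, port)


def load(lines):
    return [parse_line(line) for line in lines]


def wc_match(addr, ref, wildcard):
    """Bits that are 0 in the wildcard must equal the reference; 1 bits are ignored."""
    return ((addr ^ ref) & ~wildcard & ANY) == 0


def evaluate(rules, proto, src, dst, dport=None):
    """Top-down, first match wins. Returns (action, 1-based line or None)."""
    s, d = ip(src), ip(dst)
    for n, r in enumerate(rules, 1):
        if (r.proto in ("ip", proto) and wc_match(s, r.src, r.src_wc)
                and wc_match(d, r.dst, r.dst_wc)
                and (r.port is None or r.port == dport)):
            return r.action, n
    return "deny", None        # implicit deny at the end of every ACL


def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    def addr_covers(ra, wa, rb, wb):
        return (wa | wb) == wa and ((ra ^ rb) & ~wa & ANY) == 0
    return (a.proto in ("ip", b.proto)
            and addr_covers(a.src, a.src_wc, b.src, b.src_wc)
            and addr_covers(a.dst, a.dst_wc, b.dst, b.dst_wc)
            and (a.port is None or a.port == b.port))


def shadowed(rules):
    """(later_line, earlier_line) pairs where the later statement can never match."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                found.append((j + 1, i + 1))
                break
    return found


PAGE_110 = ["access-list 110 deny tcp any host 192.168.1.1 eq 23"]   # from the page
WITH_PERMIT = PAGE_110 + ["access-list 110 permit ip any any"]        # constructed
REORDERED = list(reversed(WITH_PERMIT))                               # constructed
STANDARD_10 = ["access-list 10 deny host 192.168.1.1",                # from the page
               "access-list 10 permit 192.168.1.0 0.0.0.255"]         # constructed

if __name__ == "__main__":
    for name, acl in [("page", PAGE_110), ("with permit", WITH_PERMIT),
                      ("reordered", REORDERED)]:
        rules = load(acl)
        print(name, evaluate(rules, "tcp", "10.1.1.1", "192.168.1.1", 23),
              evaluate(rules, "tcp", "10.1.1.1", "192.168.1.1", 80), shadowed(rules))
```

With only the page's single deny statement, web traffic to the same host is also dropped by the implicit deny; with the permit placed first, the telnet deny is reported as shadowed and never takes effect.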
14. Question 14. What Is The Function Of Access-list?
Answer :
Access-List is going to filter incoming as well as outgoing traffic on the router interface.
15. Question 15. What Is The Default Wildcard Mask For Access-list?
Answer :
Default Wild Card Mask for Access-List is 0.0.0.0
16. Question 16. How Many Access-lists Can Be Created On The Router?
Answer :
o 1 per Interface
o 1 per Direction
o 1 per Protocol
17. Question 17. What Are The Advantages Of Standard Acl?
Answer :
o Simple Packet Filtering Purpose
o Limiting Access on VTY lines
o Route Filtering
o NAT
o Route- MAPs
18. Question 18. What Are The Advantages Of Extended Acl?
Answer :
o Complex Packet Filtering Purpose
o Route Filtering
o VPN
o TCP Intercept
o IOS Firewall
19. Question 19. What Is The Difference Between Standard Acl And Extended Acl?
Answer :
o Standard ACL only checks Source IP address, Extended ACL checks Source IP,
Destination IP and Protocol also for filtering traffic.
o Standard ACL can be created using number (1-99, 1300-1399) and Extended ACL
can be created using number (100-199, 2000-2699).
o Two way communication is blocked in Standard ACL, One way communication is
stopped in Extended ACL.
o Standard ACL implemented near to destination, Extended ACL implemented near
to Source.
20. Question 20. What Is The Difference Between Numbered Acl And Named Acl?
Answer :
o Numbered ACL is created by using number; Named ACL is created by using name.
o Removing of specific statement is not possible in Numbered ACL, It is possible in
Named ACL.
21. Question 21. What Is The Difference Between Ipv4 Acl And Ipv6 Acl?
Answer :
o No standard ACL in IPV6
o No wildcard mask in IPV6 ACL
o In IPV6 only Named ACL's are available, there is no numbered ACL.
22. Question 22. What Is The Difference Between Access-group And Access-class
Command?
Answer :
o Access-group command is used to filter traffic on the Interface (Ethernet, Serial).
o Access-class command is used to filter traffic on Lines (Vty, Console, aux).
23. Question 23. What Is The Default Action Of Acl, If No Condition Matches In Acl?
Answer :
Drop traffic.
24. Question 24. Which Traffic Is Not Filtered By Acl?
Answer :
Traffic that is generated by the router itself; an ACL filters only transit traffic.
